Final (hopefully) privilege escalation policy draft

Matthew Woehlke mw_triad at
Sat Feb 20 03:05:27 UTC 2010

Tim Waugh wrote:
> On Mon, 2010-02-15 at 12:10 -0800, Adam Williamson wrote:
>> That's correct. This is frankly a 'realistic' decision, on the basis
>> that the PackageKit maintainer believes updating packages should be
>> allowed for a regular user by default and intends to implement this, and
>> I don't want to dictate this decision via the policy (that's not really
>> what we're writing the policy for), so I'd rather just go with PK's
>> choice there.
> The justification I remember for it was that authentication dialogs
> should be for "exceptional" situations, not for things that might
> regularly need to occur such as updates, and to avoid lulling users into
> blinding typing passwords into dialogs every time they are presented
> just to get stuff done.

What happened to 'ask the first time, and at the same time ask to change 
the policy to make this action permitted without authentication'? IMO 
that's the right way. Either the user will be nagged *once*, or else 
they have said that they want to be nagged.

And... IMO if the policy doesn't require this, then it fails to address 
the point that was the entire reason for wanting such a policy in the 
first place.

Please do not quote my e-mail address unobfuscated in message bodies.
Oops. -- Shannon Foraker (David Weber, Ashes of Victory)

More information about the devel mailing list